<?php
namespace App\Middleware;

/**
 * @brief 签名中间件
 */
class Sign {
    public function handle() {
        //请求参数
        $params = \Http_Server::$request;
        //验证请求时的时间戳
        $ts = \Yaf_Registry::get('Config')->auth->sign->ts ?? 30;
        if (!isset($params['ts']) || $params['ts'] > time() || (time() - $params['ts'] > (int) $ts)) {
            \Response::error('Sign: Timestamp missing', 21, true);
        }
        
        if (!isset($params['sign'])) {
            \Response::error('Sign: Signature missing', 22, true);
        }

        if ($params['sign'] != \Auth\Sign::getSign($params)) {
            \Response::error('Sign: Invalid signature', 23, true);
        }
        
        return true;
    }
}
